Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor SessionDB constructor and use secure defaults #387

Merged
merged 7 commits into from
Aug 7, 2017
Merged

Refactor SessionDB constructor and use secure defaults #387

merged 7 commits into from
Aug 7, 2017

Conversation

schlenk
Copy link
Collaborator

@schlenk schlenk commented Jun 29, 2017

Refactor the SessionDB constructor to be less overloaded.

Looking into #326 i found the password and secret parameters are only used when a DefaultToken factory is used, so they do not really belong into the SessionDB class, if we externalize the factories. The seed parameter is not used at all.

So i threw out the parameters from the init and wrote a wrapper that is nearly as convenient as the old API for the test/example cases.

This partially fixes #326 as the defaults are gone, but DefaultToken does not raise nice exceptions yet.

This is still work-in-progress, just wanted to get some extra looks and agreement about the direction this goes.

It would still be nice to refactor a bit more (e.g. the RefreshDB/RefreshTokenFactory divide seems unnecessary) and to get to a point where #146 can be fixed, so one can do a persistent SessionDB without too much troubles.

@schlenk schlenk changed the title Secure defaults Refactor SessionDB constructor and use secure defaults Jun 29, 2017
@coveralls
Copy link

Coverage Status

Coverage decreased (-0.003%) to 63.217% when pulling bf5fe5a on schlenk:secure_defaults into 12e69ef on OpenIDC:master.

@rohe
Copy link
Contributor

rohe commented Jul 3, 2017

I support this. LGTM.
I'd love to rewrite the whole SessionDB but ...

@decentral1se
Copy link
Contributor

@schlenk, do you want to try and get this in for #403?

@CZ-NIC CZ-NIC deleted a comment from coveralls Aug 6, 2017
@CZ-NIC CZ-NIC deleted a comment from coveralls Aug 6, 2017
@CZ-NIC CZ-NIC deleted a comment from coveralls Aug 6, 2017
@decentral1se decentral1se mentioned this pull request Aug 6, 2017
Merged
4 tasks
@schlenk
Copy link
Collaborator Author

schlenk commented Aug 6, 2017

Would be nice if it is in 0.11. It is a step in the right direction, even if it doesn't go all the way yet.

@coveralls
Copy link

coveralls commented Aug 6, 2017
edited
Loading

Coverage Status

Coverage decreased (-0.003%) to 63.188% when pulling 69d01bd on schlenk:secure_defaults into b447014 on OpenIDC:master.

@decentral1se
Copy link
Contributor

I'll give it a review and try to merge now.

Michael Schlenker added 5 commits August 7, 2017 10:37
@decentral1se
Refactor sdb to remove password, seed and secret from its API
b43c1ad 
The seed parameter is unused.
The password and secrets are directly passed to the DefaultToken Factory
and unused otherwise (and badly named as that is not a password)
@decentral1se
Fix all tests for the new reduced SessionDB API
df78eda 
Moved a lot of SessionDB Init into the conftest.py fixtures.
@decentral1se
Fix tests
2eeee80
@decentral1se
Fix Examples
c5d950b 
Change all examples to the shorter SessionDB API.
@decentral1se
Add docstring for create_session_db
7953e65
@coveralls
Copy link

coveralls commented Aug 7, 2017
edited
Loading

Coverage Status

Coverage decreased (-0.003%) to 63.188% when pulling afcfef4 on schlenk:secure_defaults into b447014 on OpenIDC:master.

Michael Schlenker added 2 commits August 7, 2017 10:44
@decentral1se decentral1se merged commit c18db0c into CZ-NIC:master Aug 7, 2017
@decentral1se
Copy link
Contributor

🍻 🍻 🍻

@schlenk schlenk deleted the secure_defaults branch August 7, 2017 11:08
@taskoma taskoma mentioned this pull request Dec 1, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove defaults for security related settings
4 participants
@schlenk @coveralls @rohe @decentral1se